Award-winning news, views, and insight from the ESET security community

Rogue developers hiding Android malware in apps on Google Play

Respected security blogger Brian Krebs reports that an “explosion in Android malware” is being fuelled by a growing market for hijacked of rogue developer accounts on Google Play, Google’s official Android app store.

Respected security blogger Brian Krebs reports that an “explosion in Android malware” is being fuelled by a growing market for hijacked of rogue developer accounts on Google Play, Google’s official Android app store.

Respected security blogger Brian Krebs reports that an “explosion in Android malware” is being fueled by a growing market for hijacked or rogue developer accounts on Google Play, Google’s official Android app store.

Krebs claims that an Android malware developer active on a popular underground forum was seeking to buy verified developer accounts at Google Play for $100 apiece. According to Krebs: “Google charges just $25 for Android developers who wish to sell their applications through the Google Play marketplace, but it also requires the accounts to be approved and tied to a specific domain. The buyer in this case is offering $100 for sellers willing to part with an active, verified Play account that is tied to a dedicated server.”

Krebs goes on to report that the same malware developer also sells an Android SMS malware package that targets customers of CitiBank, as well as 66 other financial institutions around the world. The targeted banks offer text messages as a form of multi-factor authentication, and this bot is designed to intercept all incoming SMS messages on infected Android phones.